WASHINGTON (CNA) – Ransom-seeking hackers have begun taking advantage of a recently disclosed flaw in Microsoft’s widely used mail server software, the company said early on Thursday – a serious escalation that could portend widespread digital disruption.
The disclosure, initially made on Twitter by Microsoft Corp security programme manager Phillip Misner and later confirmed by the Redmond, Washington-based company, is the realisation of worries that have been coursing through the security community for days.
Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs began using them to shake down organisations across the Internet.
Misner did not immediately respond to follow-up messages and Microsoft did not return emails seeking further comment. The United States (US) Cybersecurity and Infrastructure Security Agency and the FBI also did not immediately respond.
Even though the security holes announced by Microsoft have since been fixed, organisations worldwide have failed to patch their software, leaving them open to exploitation. Experts attribute the sluggish pace of many customers’ updates in part to the complexity of Exchange’s architecture and lack of expertise. In Germany alone, officials have said that up to 60,000 networks remained vulnerable.